Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services, Release 12.3
IP Addressing and Services Commands: D through H
Download this chapter
IP Addressing and Services Commands: D through HIP Addressing and Services Commands: D through H
Download the complete book
Book-level PDF: Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services, Release 12.3 Book-level PDF: Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services, Release 12.3 (PDF - 3 MB)
give_us_feedback

Table Of Contents

default-router

delay (tracking)

delay (virtual server)

deny (IP)

dns-server

domain-name (DHCP)

dynamic

faildetect

forwarding-agent

glbp authentication

glbp forwarder preempt

glbp ip

glbp load-balancing

glbp preempt

glbp priority

glbp timers redirect

glbp timers

glbp weighting track

glbp weighting

hardware-address

host


default-router

To specify the default router list for a Dynamic Host Configuration Protocol (DHCP) client, use the default-router command in DHCP pool configuration mode. To remove the default router list, use the no form of this command.

default-router address [address2...address8]

no default-router

Syntax Description

address

Specifies the IP address of a router. One IP address is required, although you can specify up to eight addresses in one command line.

address2...address8

(Optional) Specifies up to eight addresses in the command line.


Defaults

No default behavior or values.

Command Modes

DHCP pool configuration

Command History

Release
Modification

12.0(1)T

This command was introduced.


Usage Guidelines

The IP address of the router should be on the same subnet as the client subnet. You can specify up to eight routers in the list. Routers are listed in order of preference (address1 is the most preferred router, address2 is the next most preferred router, and so on).

Examples

The following example specifies 10.12.1.99 as the IP address of the default router: 

default-router 10.12.1.99

Related Commands

Command
Description

ip dhcp pool

Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.


delay (tracking)

To specify a period of time to delay communicating state changes of a tracked object, use the delay command in tracking configuration mode. To disable the delay period, use the no form of this command.

delay {up seconds down seconds | up seconds | down seconds}

no delay {up seconds down seconds | up seconds | down seconds}

Syntax Description

up

Specifies the up delay.

down

Specifies the down delay.

seconds

Delay value in seconds.


Defaults

No default behavior or values

Command Modes

Tracking configuration

Command History

Release
Modification

12.2(15)T

This command was introduced.


Usage Guidelines

This command is available to all tracked objects.

Examples

In the following example, the tracking process is tracking the IP route metric threshold. The delay period to communicate the changes of the tracked object to the client process is set to 30 seconds. 

track 1 ip route 10.22.0.0/16 metric threshold

 threshold metric up 16 down 20 

 delay down 30

delay (virtual server)

To change the amount of time IOS Server Load Balancing (IOS SLB) maintains TCP connection context after a connection has terminated, use the delay command in SLB virtual server configuration mode. To restore the default delay timer, use the no form of this command.

delay {duration | radius framed-ip duration}

no delay {duration | radius framed-ip duration}

Syntax Description

duration

Delay timer duration for TCP connection context, in seconds. The valid range is 1 to 600 seconds. The default value is 10 seconds.

radius framed-ip duration

Delay timer for RADIUS framed-ip sticky database, in seconds. The valid range is 1 to 600 seconds. The default value is 10 seconds.


Defaults

The default duration for the TCP connection context is 10 seconds.
The default duration for the RADIUS framed-ip sticky database is 10 seconds.

Command Modes

SLB virtual server configuration

Command History

Release
Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2

This command was integrated into Cisco IOS Release 12.2.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.1(18)E

The radius and framed-ip keywords and the duration argument were added.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.


Usage Guidelines

The TCP connection context delay timer allows out-of-sequence packets and final acknowledgments (ACKs) to be delivered after a TCP connection ends. Do not set this value to zero (0).

If you are configuring a TCP connection context delay timer for HTTP flows, choose a low number such as 5 seconds as a starting point.

For the Home Agent Director, the delay command has no meaning and is not supported.

Examples

The following example specifies that IOS SLB maintains TCP connection context for 30 seconds after a connection has terminated: 

Router(config)# ip slb vserver PUBLIC_HTTP

Router(config-slb-vserver)# delay 30

Related Commands

Command
Description

show ip slb vservers

Displays information about the virtual servers defined to IOS SLB.

virtual

Configures the virtual server attributes.


deny (IP)

To set conditions in a named IP access list that will deny packets, use the deny command in access list configuration mode.To remove a deny condition from an access list, use the no form of this command.

[sequence-number] deny source [source-wildcard]

[sequence-number] deny protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]

no sequence-number

no deny source [source-wildcard]

no deny protocol source source-wildcard destination destination-wildcard

Internet Control Message Protocol (ICMP)

[sequence-number] deny icmp source source-wildcard destination destination-wildcard [icmp-type [icmp-code] | icmp-message] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]

Internet Group Management Protocol (IGMP)

[sequence-number] deny igmp source source-wildcard destination destination-wildcard [igmp-type] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]

Transmission Control Protocol (TCP)

[sequence-number] deny tcp source source-wildcard [operator port [port]] destination destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]

User Datagram Protocol (UDP)

[sequence-number] deny udp source source-wildcard [operator port [port]] destination destination-wildcard [operator [port]] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]

Syntax Description

sequence-number

(Optional) Sequence number assigned to the deny statement, causing the system to insert the statement in that numbered position in the access list.

source

Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:

Use a 32-bit quantity in four-part, dotted-decimal format.

Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.

Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.

source-wildcard

Wildcard bits to be applied to the source. There are three alternative ways to specify the source wildcard:

Use a 32-bit quantity in four-part, dotted decimal format. Place 1s in the bit positions you want to ignore.

Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.

Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.

protocol

Name or number of an Internet protocol. It can be one of the keywords eigrp, gre, icmp, igmp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range from 0 to 255 representing an Internet protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the ip keyword. Some protocols allow further qualifiers described later.

destination

Number of the network or host to which the packet is being sent. There are three alternative ways to specify the destination:

Use a 32-bit quantity in four-part, dotted-decimal format.

Use the any keyword as an abbreviation for the destination and destination-wildcard of 0.0.0.0 255.255.255.255.

Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.

destination-wildcard

Wildcard bits to be applied to the destination. There are three alternative ways to specify the destination wildcard:

Use a 32-bit quantity in four-part, dotted decimal format. Place 1s in the bit positions you want to ignore.

Use the any keyword as an abbreviation for a destination and destination-wildcard of 0.0.0.0 255.255.255.255.

Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.

precedence precedence

(Optional) Packets can be filtered by precedence level, as specified by a number from 0 to 7 or by name as listed in the section "Usage Guidelines."

tos tos

(Optional) Packets can be filtered by type of service (ToS) level, as specified by a number from 0 to 15, or by name as listed in the section "Usage Guidelines" of the access-list (IP extended) command.

log

(Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)

The message includes the access list number, whether the packet was permitted or denied; the protocol, whether it was TCP, UDP, ICMP, or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches, and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval.

Use the ip access-list log-update command to generate logging messages when the number of matches reaches a configurable threshold (rather than waiting for a 5-minute interval). See the ip access-list log-update command for more information.

The logging facility might drop some logging message packets if there are too many to be handled or if there is more than one logging message to be handled in 1 second. This behavior prevents the router from crashing due to too many logging packets. Therefore, the logging facility should not be used as a billing tool or an accurate source of the number of matches to an access list.

If you enable CEF and then create an access list that uses the log keyword, the packets that match the access list are not CEF switched. They are fast switched. Logging disables CEF.

time-range time-range-name

(Optional) Name of the time range that applies to this deny statement. The name of the time range and its restrictions are specified by the time-range and absolute or periodic commands, respectively.

fragments

(Optional) The access list entry applies to noninitial fragments of packets; the fragment is either permitted or denied accordingly. For more details about the fragments keyword, see the "Access List Processing of Fragments" and "Fragments and Policy Routing" sections in the "Usage Guidelines" section.

icmp-type

(Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255.

icmp-code

(Optional) ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255.

icmp-message

(Optional) ICMP packets can be filtered by an ICMP message type name or ICMP message type and code name. The possible names are listed in the section "Usage Guidelines" of the access-list (IP extended) command.

igmp-type

(Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the section "Usage Guidelines" of the access-list (IP extended) command.

operator

(Optional) Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).

If the operator is positioned after the source and source-wildcard, it must match the source port.

If the operator is positioned after the destination and destination-wildcard, it must match the destination port.

The range operator requires two port numbers. All other operators require one port number.

port

(Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535. TCP and UDP port names are listed in the section "Usage Guidelines" of the access-list (IP extended) command.

TCP port names can only be used when filtering TCP. UDP port names can only be used when filtering UDP.

established

(Optional) For the TCP protocol only: Indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection.


Defaults

There is no specific condition under which a packet is denied passing the named access list.

Command Modes

Access list configuration

Command History

Release
Modification

11.2

This command was introduced.

12.0(1)T

The time-range time-range-name keyword and argument were added.

12.0(11) and 12.1(2)

The fragments keyword was added.

12.2(13)T

The igrp keyword was removed because the IGRP protocol is no longer available in Cisco IOS software.

12.2(14)S

The sequence-number argument was added.

12.2(15)T

The sequence-number argument was integrated into 12.2(15)T and the igrp keyword was removed.


Usage Guidelines

Use this command following the ip access-list command to specify conditions under which a packet cannot pass the named access list.

The time-range option allows you to identify a time range by name. The time-range, absolute, and periodic commands specify when this deny statement is in effect.

Access List Processing of Fragments

The behavior of access-list entries regarding the use or lack of the fragments keyword can be summarized as follows:

If the Access-List Entry has...
Then..

...no fragments keyword (the default behavior), and assuming all of the access-list entry information matches,

For an access-list entry containing only Layer 3 information:

The entry is applied to nonfragmented packets, initial fragments and noninitial fragments.

For an access list entry containing Layer 3 and Layer 4 information:

The entry is applied to nonfragmented packets and initial fragments.

If the entry is a permit statement, the packet or fragment is permitted.

If the entry is a deny statement, the packet or fragment is denied.

The entry is also applied to noninitial fragments in the following manner. Because noninitial fragments contain only Layer 3 information, only the Layer 3 portion of an access-list entry can be applied. If the Layer 3 portion of the access-list entry matches, and

If the entry is a permit statement, the noninitial fragment is permitted.

If the entry is a deny statement, the next access-list entry is processed.

Note The deny statements are handled differently for noninitial fragments versus nonfragmented or initial fragments.

...the fragments keyword, and assuming all of the access-list entry information matches,

Note The access-list entry is applied only to noninitial fragments. The fragments keyword cannot be configured for an access-list entry that contains any Layer 4 information.


Be aware that you should not simply add the fragments keyword to every access list entry because the first fragment of the IP packet is considered a nonfragment and is treated independently of the subsequent fragments. An initial fragment will not match an access list permit or deny entry that contains the fragments keyword, the packet is compared to the next access list entry, and so on, until it is either permitted or denied by an access list entry that does not contain the fragments keyword. Therefore, you may need two access list entries for every deny entry. The first deny entry of the pair will not include the fragments keyword, and applies to the initial fragment. The second deny entry of the pair will include the fragments keyword and applies to the subsequent fragments. In the cases where there are multiple deny access list entries for the same host but with different Layer 4 ports, a single deny access-list entry with the fragments keyword for that host is all that needs to be added. Thus all the fragments of a packet are handled in the same manner by the access list.

Packet fragments of IP datagrams are considered individual packets and each counts individually as a packet in access list accounting and access list violation counts.

Note The fragments keyword cannot solve all cases involving access lists and IP fragments.

Fragments and Policy Routing

Fragmentation and the fragment control feature affect policy routing if the policy routing is based on the match ip address command and the access list had entries that match on Layer 4 through 7 information. It is possible that noninitial fragments pass the access list and are policy routed, even if the first fragment was not policy routed or the reverse.

By using the fragments keyword in access list entries as described earlier, a better match between the action taken for initial and noninitial fragments can be made and it is more likely policy routing will occur as intended.

Examples

The following example sets a deny condition for a standard access list named Internetfilter: 

ip access-list standard Internetfilter

 deny 192.5.34.0  0.0.0.255

 permit 128.88.0.0  0.0.255.255

 permit 36.0.0.0  0.255.255.255

! (Note: all other access implicitly denied)

The following example denies HTTP traffic on Monday through Friday from 8:00 a.m. to 6:00 p.m.: 

time-range no-http

 periodic weekdays 8:00 to 18:00

!

ip access-list extended strict

 deny tcp any any eq http time-range no-http

!

interface ethernet 0

 ip access-group strict in

The following example adds an entry with the sequence number 25 to extended IP access list 150: 

Router(config)# ip access-list extended 150

Router(config-std-nacl)# 25 deny ip host 3.3.3.3 host 45.5.5.34

The following example removes the entry with the sequence number 25 from the standard access list example shown above: 

Router(config-std-nacl)# no 25

Related Commands

Command
Description

access-list (IP extended)

Defines an extended IP access list.

access-list (IP extended)

Defines a standard IP access list.

ip access-group

Controls access to an interface.

ip access-list

Defines an IP access list by name.

ip access-list log-update

Sets the threshold number of packets that cause a logging message.

ip access-list resequence

Applies sequence numbers to the access list entries in an access list.

permit (IP)

Sets conditions under which a packet passes a named IP access list.

remark

Writes a helpful comment (remark) for an entry in a named IP access list.

show ip access-list

Displays the contents of all current IP access lists.

time-range

Specifies when an access list or other feature is in effect.


dns-server

To specify the Domain Name System (DNS) IP servers available to a Dynamic Host Configuration Protocol (DHCP) client, use the dns-server command in DHCP pool configuration mode. To remove the DNS server list, use the no form of this command.

dns-server address [address2...address8]

no dns-server

Syntax Description

address

The IP address of a DNS server. One IP address is required, although you can specify up to eight addresses in one command line.

address2...address8

(Optional) Specifies up to eight addresses in the command line.


Defaults

If DNS IP servers are not configured for a DHCP client, the client cannot correlate host names to IP addresses.

Command Modes

DHCP pool configuration

Command History

Release
Modification

12.0(1)T

This command was introduced.


Usage Guidelines

Servers are listed in order of preference (address1 is the most preferred server, address2 is the next most preferred server, and so on).

Examples

The following example specifies 10.12.1.99 as the IP address of the domain name server of the client: 

dns-server 10.12.1.99

Related Commands

Command
Description

domain-name (DHCP)

Specifies the domain name for a DHCP client.

ip dhcp pool

Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.


domain-name (DHCP)

To specify the domain name for a Dynamic Host Configuration Protocol (DHCP) client, use the domain-name command in DHCP pool configuration mode. To remove the domain name, use the no form of this command.

domain-name domain

no domain-name

Syntax Description

domain

Specifies the domain name string of the client.


Defaults

No default behavior or values.

Command Modes

DHCP pool configuration

Command History

Release
Modification

12.0(1)T

This command was introduced.


Examples

The following example specifies cisco.com as the domain name of the client: 

domain-name cisco.com

Related Commands

Command
Description

dns-server

Specifies the DNS IP servers available to a DHCP client.

ip dhcp pool

Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.


dynamic

To define a named dynamic IP access list, use the dynamic command in access-list configuration mode. To remove the access lists, use the no form of this command.

dynamic dynamic-name [timeout minutes] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log] [fragments]

no dynamic dynamic-name

Internet Control Message Protocol (ICMP)

dynamic dynamic-name [timeout minutes] {deny | permit} icmp source source-wildcard destination destination-wildcard [icmp-type [icmp-code] | icmp-message] [precedence precedence] [tos tos] [log] [fragments]

Internet Group Management Protocol (IGMP)

dynamic dynamic-name [timeout minutes] {deny | permit} igmp source source-wildcard destination destination-wildcard [igmp-type] [precedence precedence] [tos tos] [log] [fragments]

Transmission Control Protocol (TCP)

dynamic dynamic-name [timeout minutes] {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log] [fragments]

User Datagram Protocol (UDP)

dynamic dynamic-name [timeout minutes] {deny | permit} udp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [precedence precedence] [tos tos] [log] [fragments]

Syntax Description

dynamic-name

Identifies this access list as a dynamic access list. Refer to lock-and-key access documented in the "Configuring Lock-and-Key Security (Dynamic Access Lists)" chapter in the Cisco IOS Security Configuration Guide.

timeout minutes

(Optional) Specifies the absolute length of time (in minutes) that a temporary access list entry can remain in a dynamic access list. The default is an infinite length of time and allows an entry to remain permanently. Refer to lock-and-key access documented in the "Configuring Lock-and-Key Security (Dynamic Access Lists)" chapter in the Cisco IOS Security Configuration Guide.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

protocol

Name or number of an Internet protocol. It can be one of the keywords eigrp, gre, icmp, igmp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range from 0 to 255 representing an Internet protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the ip keyword. Some protocols allow further qualifiers described later.

source

Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:

Use a 32-bit quantity in four-part, dotted decimal format.

Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.

Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.

source-wildcard

Wildcard bits to be applied to source. There are three alternative ways to specify the source wildcard:

Use a 32-bit quantity in four-part, dotted decimal format. Place 1s in the bit positions you want to ignore.

Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.

Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.

destination

Number of the network or host to which the packet is being sent. There are three alternative ways to specify the destination:

Use a 32-bit quantity in four-part, dotted decimal format.

Use the any keyword as an abbreviation for the destination and destination-wildcard of 0.0.0.0 255.255.255.255.

Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.

destination-wildcard

Wildcard bits to be applied to the destination. There are three alternative ways to specify the destination wildcard:

Use a 32-bit quantity in four-part, dotted-decimal format. Place 1s in the bit positions you want to ignore.

Use the any keyword as an abbreviation for a destination and destination-wildcard of 0.0.0.0 255.255.255.255.

Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.

precedence precedence

(Optional) Packets can be filtered by precedence level, as specified by a number from 0 to 7, or by name as listed in the section "Usage Guidelines."

tos tos

(Optional) Packets can be filtered by type of service (ToS) level, as specified by a number from 0 to 15, or by name as listed in the section "Usage Guidelines."

log

(Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)

The message includes the access list number, whether the packet was permitted or denied; the protocol, whether it was TCP, UDP, ICMP, or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches, and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval.

The logging facility might drop some logging message packets if there are too many to be handled or if there is more than one logging message to be handled in 1 second. This behavior prevents the router from crashing due to too many logging packets. Therefore, the logging facility should not be used as a billing tool or an accurate source of the number of matches to an access list.

fragments

(Optional) The access list entry applies to noninitial fragments of packets; the fragment is either permitted or denied accordingly. For more details about the fragments keyword, see the "Access List Processing of Fragments" and "Fragments and Policy Routing" sections in the "Usage Guidelines" section.

icmp-type

(Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255.

icmp-code

(Optional) ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255.

icmp-message

(Optional) ICMP packets can be filtered by an ICMP message type name or ICMP message type and code name. The possible names are found in the section "Usage Guidelines."

igmp-type

(Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the section "Usage Guidelines."

operator

(Optional) Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).

If the operator is positioned after the source and source-wildcard, it must match the source port.

If the operator is positioned after the destination and destination-wildcard, it must match the destination port.

The range operator requires two port numbers. All other operators require one port number.

port

(Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535. TCP and UDP port names are listed in the section "Usage Guidelines" of the access-list (IP extended) command. TCP port names can only be used when filtering TCP. UDP port names can only be used when filtering UDP.

established

(Optional) For the TCP protocol only: Indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection.


Defaults

An extended access list defaults to a list that denies everything. An extended access list is terminated by an implicit deny statement.

Command Modes

Access-list configuration

Command History

Release
Modification

11.2

This command was introduced.

12.0(11)

The fragments keyword was added.

12.2(13)T

The igrp keyword was removed because the IGRP protocol is no longer available in Cisco IOS software.


Usage Guidelines

You can use named access lists to control the transmission of packets on an interface and restrict contents of routing updates. The Cisco IOS software stops checking the extended access list after a match occurs.

Fragmented IP packets, other than the initial fragment, are immediately accepted by any extended IP access list. Extended access lists used to control vty access or restrict the contents of routing updates must not match against the TCP source port, the ToS value, or the precedence of the packet.

Caution Named IP access lists will not be recognized by any software release prior to Cisco IOS Release 11.2.

Note After an access list is created, any subsequent additions (possibly entered from the terminal) are placed at the end of the list. In other words, you cannot selectively add or remove access list command lines from a specific access list.

The following is a list of precedence names:

critical

flash

flash-override

immediate

internet

network

priority

routine

The following is a list of ToS names:

max-reliability

max-throughput

min-delay

min-monetary-cost

normal

The following is a list of ICMP message type names and ICMP message type and code names:

administratively-prohibited

alternate-address

conversion-error

dod-host-prohibited

dod-net-prohibited

echo

echo-reply

general-parameter-problem

host-isolated

host-precedence-unreachable

host-redirect

host-tos-redirect

host-tos-unreachable

host-unknown

host-unreachable

information-reply

information-request

mask-reply

mask-request

mobile-redirect

net-redirect

net-tos-redirect

net-tos-unreachable

net-unreachable

network-unknown

no-room-for-option

option-missing

packet-too-big

parameter-problem

port-unreachable

precedence-unreachable

protocol-unreachable

reassembly-timeout

redirect

router-advertisement

router-solicitation

source-quench

source-route-failed

time-exceeded

timestamp-reply

timestamp-request

traceroute

ttl-exceeded

unreachable

The following is a list of IGMP message names:

dvmrp

host-query

host-report

pim

trace

The following is a list of TCP port names that can be used instead of port numbers. Refer to the current assigned numbers RFC to find a reference to these protocols. Port numbers corresponding to these protocols can also be found if you type a ? in the place of a port number.

bgp

chargen

daytime

discard

domain

echo

finger

ftp

ftp-data

gopher

hostname

irc

klogin

kshell

lpd

nntp

pop2

pop3

smtp

sunrpc

syslog

tacacs-ds

talk

telnet

time

uucp

whois

www

The following is a list of UDP port names that can be used instead of port numbers. Refer to the current assigned numbers RFC to find a reference to these protocols. Port numbers corresponding to these protocols can also be found if you type a ? in the place of a port number.

biff

bootpc

bootps

discard

dns

dnsix

echo

mobile-ip

nameserver

netbios-dgm

netbios-ns

ntp

rip

snmp

snmptrap

sunrpc

syslog

tacacs-ds

talk

tftp

time

who

xdmcp

Access List Processing of Fragments

The behavior of access-list entries regarding the use or lack of the fragments keyword can be summarized as follows:

If the Access-List Entry has...
Then..

...no fragments keyword (the default behavior), and assuming all of the access-list entry information matches,

For an access-list entry containing only Layer 3 information:

The entry is applied to nonfragmented packets, initial fragments and noninitial fragments.

For an access list entry containing Layer 3 and Layer 4 information:

The entry is applied to nonfragmented packets and initial fragments.

If the entry is a permit statement, the packet or fragment is permitted.

If the entry is a deny statement, the packet or fragment is denied.

The entry is also applied to noninitial fragments in the following manner. Because noninitial fragments contain only Layer 3 information, only the Layer 3 portion of an access-list entry can be applied. If the Layer 3 portion of the access-list entry matches, and

If the entry is a permit statement, the noninitial fragment is permitted.

If the entry is a deny statement, the next access-list entry is processed.

Note The deny statements are handled differently for noninitial fragments versus nonfragmented or initial fragments.

...the fragments keyword, and assuming all of the access-list entry information matches,

Note The access-list entry is applied only to noninitial fragments.The fragments keyword cannot be configured for an access-list entry that contains any Layer 4 information.


Be aware that you should not simply add the fragments keyword to every access list entry because the first fragment of the IP packet is considered a nonfragment and is treated independently of the subsequent fragments. An initial fragment will not match an access list permit or deny entry that contains the fragments keyword, the packet is compared to the next access list entry, and so on, until it is either permitted or denied by an access list entry that does not contain the fragments keyword. Therefore, you may need two access list entries for every deny entry. The first deny entry of the pair will not include the fragments keyword, and applies to the initial fragment. The second deny entry of the pair will include the fragments keyword and applies to the subsequent fragments. In the cases where there are multiple deny access list entries for the same host but with different Layer 4 ports, a single deny access-list entry with the fragments keyword for that host is all that needs to be added. Thus all the fragments of a packet are handled in the same manner by the access list.

Packet fragments of IP datagrams are considered individual packets and each counts individually as a packet in access list accounting and access list violation counts.

Note The fragments keyword cannot solve all cases involving access lists and IP fragments.

Fragments and Policy Routing

Fragmentation and the fragment control feature affect policy routing if the policy routing is based on the match ip address command and the access list had entries that match on Layer 4 through 7 information. It is possible that noninitial fragments pass the access list and are policy routed, even if the first fragment was not policy routed or the reverse.

By using the fragments keyword in access list entries as described earlier, a better match between the action taken for initial and noninitial fragments can be made and it is more likely policy routing will occur as intended.

Examples

The following example defines a dynamic access list named washington: 

ip access-group washington in

!

ip access-list extended washington

 dynamic testlist timeout 5

 permit ip any any

 permit tcp any host 185.302.21.2 eq 23

Related Commands

Command
Description

clear access-template

Clears a temporary access list entry from a dynamic access list manually.

distribute-list in (IP)

Filters networks received in updates.

distribute-list out (IP)

Suppresses networks from being advertised in updates.

ip access-group

Controls access to an interface.

ip access-list

Defines an IP access list by name.

logging console

Limits messages logged to the console based on severity.

show access-lists

Displays the contents of current IP and rate-limit access lists.

show ip access-list

Displays the contents of all current IP access lists.


faildetect

To specify the conditions that indicate a server failure, use the faildetect SLB real server configuration command. To restore the default values that indicate a server failure, use the no form of this command.

faildetect numconns number-conns [numclients number-clients]

no faildetect

Syntax Description

numconns

Number of consecutive TCP connection reassignments allowed before a real server is considered to have failed.

number-conns

Connection reassignment threshold value in the range from 1 to 255. The default is 8 connection failures.

numclients

(Optional) Number of unique client connection failures allowed before a real server is considered to have failed.

number-clients

(Optional) Client connection reassignment threshold value in the range from 1 to 8. The default is 2 client connection failures.


Defaults

If you do not specify the faildetect command, the default value of the connection reassignment threshold is 8.

If you do not specify the numclients keyword, the default value of the unique client failure threshold is 2.

Command Modes

SLB real server configuration

Command History

Release
Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.


Examples

In the following example the connection reassignment threshold is set to 16 and, because the numclients keyword is not configured, the threshold for unique client connection failure is set to the default value 8. The real server is considered to have failed when 8 unique clients have had connection failures and there have been 16 connection reassignments. 

ip slb serverfarm PUBLIC

 real 10.10.1.1

 faildetect numconns 16

Related Commands

Command
Description

real

Identifies a real server.

show ip slb reals

Displays information about the real servers.

show ip slb serverfarms

Displays information about the server farm configuration.


forwarding-agent

To specify the port on which the forwarding agent will listen for wildcard and fixed affinities, use the forwarding-agent CASA-port configuration command. To disable listening on that port, use the no form of the command.

forwarding-agent port-number [password [timeout]]

no forwarding-agent

Syntax Description

port-number

Port numbers on which the forwarding agent will listen for wildcards broadcast from the services manager. This must match the port number defined on the services manager.

password

(Optional) Text password used for generating the MD5 digest.

timeout

(Optional) Duration (in seconds) during which the Forwarding Agent will accept the new and old password. Valid range is from 0 to 3600 seconds. The default is 180 seconds.


Defaults

The default password timeout is 180 seconds.

The default port for the services manager is 1637.

Command Modes

CASA-port configuration

Command History

Release
Modification

12.0(5)T

This command was introduced.


Examples

The following example specifies that the forwarding agent will listen for wildcard and fixed affinities on port 1637: 

forwarding-agent 1637

Related Commands

Command
Description

show ip casa oper

Displays operational information about the Forwarding Agent.


glbp authentication

To configure an authentication string for the Gateway Load Balancing Protocol (GLBP), use the glbp authentication command in interface configuration mode. To delete an authentication string, use the no form of this command.

glbp group authentication text string

no glbp group authentication text string

Syntax Description

group

GLBP group number in the range from 0 to 1023.

text string

Specifies an authentication string. The number of characters in the command plus the text string must not exceed 255 characters.


Defaults

No authentication of GLBP messages occurs.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(14)S

This command was introduced.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.


Usage Guidelines

The authentication string is sent in plain text in all GLBP messages. The same authentication string must be configured on all the routers that are configured to be members of the same GLBP group, to ensure interoperation. A router will ignore all GLBP messages that contain the wrong authentication string.

Examples

The following example configures stringxyz as the authentication string required to allow GLBP routers in group 10 to interoperate: 

interface fastethernet 0/0

 glbp 10 authentication text stringxyz

Related Commands

Command
Description

glbp ip

Enables GLBP.


glbp forwarder preempt

To configure a router to take over as active virtual forwarder (AVF) for a Gateway Load Balancing Protocol (GLBP) group if the current AVF falls below its low weighting threshold, use the glbp forwarder preempt command in interface configuration mode. To disable this function, use the no form of this command.

glbp group forwarder preempt [delay minimum seconds]

no glbp group forwarder preempt [delay minimum]

Syntax Description

group

GLBP group number in the range from 0 to 1023.

delay minimum seconds

(Optional) Specifies a minimum number of seconds that the router will delay before taking over the role of AVF. The range is from 0 to 3600 seconds with a default delay of 30 seconds.


Command Default

Forwarder preemption is enabled with a default delay of 30 seconds.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(14)S

This command was introduced.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.


Examples

The following example shows a router being configured to preempt the current AVF when the current AVF falls below its low weighting threshold. If the router preempts the current AVF, it waits 60 seconds before taking over the role of the AVF. 

glbp 10 forwarder preempt delay minimum 60

Related Commands

Command
Description

glbp ip

Enables GLBP.


glbp ip

To activate the Gateway Load Balancing Protocol (GLBP), use the glbp ip command in interface configuration mode. To disable GLBP, use the no form of this command.

glbp group ip [ip-address [secondary]]

no glbp group ip [ip-address [secondary]]

Syntax Description

group

GLBP group number in the range from 0 to 1023.

ip-address

(Optional) Virtual IP address for the GLBP group. The IP address must be in the same subnet as the interface IP address.

secondary

(Optional) Indicates that the IP address is a secondary GLBP virtual address.


Defaults

GLBP is disabled by default.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(14)S

This command was introduced.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.


Usage Guidelines

The glbp ip command activates GLBP on the configured interface. If an IP address is specified, that address is used as the designated virtual IP address for the GLBP group. If no IP address is specified, the designated address is learned from another router configured to be in the same GLBP group. For GLBP to elect an active virtual gateway (AVG), at least one router on the cable must have been configured with the designated address. A router must be configured with, or have learned, the virtual IP address of the GLBP group before assuming the role of a GLBP gateway or forwarder. Configuring the designated address on the AVG always overrides a designated address that is in use.

When the glbp ip command is enabled on an interface, the handling of proxy Address Resolution Protocol (ARP) requests is changed (unless proxy ARP was disabled). ARP requests are sent by hosts to map an IP address to a MAC address. The GLBP gateway intercepts the ARP requests and replies to the ARP on behalf of the connected nodes. If a forwarder in the GLBP group is active, proxy ARP requests are answered using the MAC address of the first active forwarder in the group. If no forwarder is active, proxy ARP responses are suppressed.

Examples

The following example activates GLBP for group 10 on Fast Ethernet interface 0/0. The virtual IP address to be used by the GLBP group is set to 10.21.8.10. 

interface fastethernet 0/0

 ip address 10.21.8.32 255.255.255.0

 glbp 10 ip 10.21.8.10

The following example activates GLBP for group 10 on Fast Ethernet interface 0/0. The virtual IP address used by the GLBP group will be learned from another router configured to be in the same GLBP group. 

interface fastethernet 0/0

 glbp 10 ip

Related Commands

Command
Description

show glbp

Displays GLBP information.


glbp load-balancing

To specify the load-balancing method used by the active virtual gateway (AVG) of the Gateway Load Balancing Protocol (GLBP), use the glbp load-balancing command in interface configuration mode. To disable load balancing, use the no form of this command.

glbp group load-balancing [host-dependent | round-robin | weighted]

no glbp group load-balancing

Syntax Description

group

GLBP group number in the range from 0 to 1023.

host-dependent

(Optional) Specifies a load balancing method based on the MAC address of a host where the same forwarder is always used for a particular host while the number of GLBP group members remains unchanged.

round-robin

(Optional) Specifies a load balancing method where each virtual forwarder in turn is included in address resolution replies for the virtual IP address. This method is the default.

weighted

(Optional) Specifies a load balancing method that is dependent on the weighting value advertised by the gateway.


Defaults

The round-robin method is the default.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(14)S

This command was introduced.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.


Usage Guidelines

Use the host-dependent method of GLBP load balancing when you need each host to always use the same router. Use the weighted method of GLBP load balancing when you need unequal load balancing because routers in the GLBP group have different forwarding capacities.

Examples

The following example shows the host-dependent load-balancing method being configured for the AVG of the GLBP group 10: 

interface fastethernet 0/0

 glbp 10 ip 10.21.8.10

 glbp 10 load-balancing host-dependent

Related Commands

Command
Description

show glbp

Displays GLBP information.


glbp preempt

To configure the gateway to take over as active virtual gateway (AVG) for a Gateway Load Balancing Protocol (GLBP) group if it has higher priority than the current AVG, use the glbp preempt command in interface configuration mode. To disable this feature, use the no form of this command.

glbp group preempt [delay minimum seconds]

no glbp group preempt [delay minimum]

Syntax Description

group

GLBP group number in the range from 0 to 1023.

delay minimum seconds

(Optional) Specifies a minimum number of seconds that the router will delay before taking over the role of AVG. The range is from 0 to 3600 seconds with a default delay of 30 seconds.


Defaults

A GLBP router with a higher priority than the current AVG cannot assume the role of AVG.
The default delay value is 30 seconds.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(14)S

This command was introduced.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.


Examples

The following example shows a router being configured to preempt the current AVG when its priority of 254 is higher than that of the current AVG. If the router preempts the current AVG, it waits 60 seconds before assuming the role of AVG. 

glbp 10 preempt delay minimum 60

glbp 10 priority 254

Related Commands

Command
Description

glbp ip

Enables GLBP.

glbp priority

Sets the priority level of the router within a GLBP group.


glbp priority

To set the priority level of the gateway within a Gateway Load Balancing Protocol (GLBP) group, use the glbp priority command in interface configuration mode. To remove the priority level of the gateway, use the no form of this command.

glbp group priority level

no glbp group priority level

Syntax Description

group

GLBP group number in the range from 0 to 1023.

level

Priority of the gateway within the GLBP group. The range is from 1 to 255. The default is 100.


Defaults

level: 100

Command Modes

Interface configuration

Command History

Release
Modification

12.2(14)S

This command was introduced.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.


Usage Guidelines

Use this command to control which virtual gateway becomes the active virtual gateway (AVG). After the priorities of several different virtual gateways are compared, the gateway with the numerically higher priority is elected as the AVG. If two virtual gateways have equal priority, the gateway with the higher IP address is selected.

Examples

The following example shows a virtual gateway being configured with a priority of 254: 

glbp 10 priority 254

Related Commands

Command
Description

glbp ip

Enables GLBP.

glbp preempt

Configures a router to take over as the AVG for a GLBP group if it has higher priority than the current AVG.


glbp timers redirect

To configure the time during which the active virtual gateway (AVG) for a Gateway Load Balancing Protocol (GLBP) group continues to redirect clients to a secondary active virtual forwarder (AVF), use the glbp timers redirect command in interface configuration mode. To restore the redirect timers to their default values, use the no form of this command.

glbp group timers redirect redirect timeout

no glbp group timers redirect redirect timeout

Syntax Description

group

GLBP group number in the range from 0 to 1023.

redirect

Redirect timer interval (in seconds). The default is 300 seconds (5 minutes).

timeout

Time (in seconds) before the secondary virtual forwarder becomes unavailable. The default is 14,400 seconds (4 hours).


Defaults

redirect: 300 seconds
timeout: 14,400 seconds

Command Modes

Interface configuration

Command History

Release
Modification

12.2(14)S

This command was introduced.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.


Usage Guidelines

A virtual forwarder that is assigned a virtual MAC address by the AVG is known as a primary virtual forwarder. If the virtual forwarder has learned the virtual MAC address from hello messages, it is referred to as a secondary virtual forwarder.

The redirect timer sets the time delay between a forwarder failing on the network and the AVG assuming that the forwarder will not return. The virtual MAC address to which the forwarder was responsible for replying to is still given out in Address Resolution Protocol (ARP) replies, but the forwarding task is handled by another router in the GLBP group.

The timeout interval is the time delay between a forwarder failing on the network and the MAC address for which the forwarder was responsible becoming inactive on all of the routers in the GLBP group. After the timeout interval, packets sent to this virtual MAC address will be lost. The timeout interval must be long enough to allow all hosts to refresh their ARP cache entry that contained the virtual MAC address.

Examples

The following example shows GLBP group 1, on Fast Ethernet interface 0/0, being configured with a redirect timer of 600 seconds (10 minutes), and a timeout interval of 7200 seconds (2 hours): 

interface fastethernet 0/0

 glbp 10 ip 

 glbp 10 timers redirect 600 7200

glbp timers

To configure the time between hello packets sent by the Gateway Load Balancing Protocol (GLBP) gateway and the time that the virtual gateway and virtual forwarder information is considered valid, use the glbp timers command in interface configuration mode. To restore the timers to their default values, use the no form of this command.

glbp group timers [msec] hellotime [msec] holdtime

no glbp group timers

Syntax Description

group

GLBP group number in the range from 0 to 1023.

msec

(Optional) Specifies that the following (hellotime or holdtime) argument value will be expressed in milliseconds.

hellotime

Hello interval. The default is 3 seconds (3000 milliseconds).

holdtime

Time before the virtual gateway and virtual forwarder information contained in the hello packet is considered invalid. The default is 10 seconds (10,000 milliseconds).


Defaults

hellotime: 3 seconds
holdtime: 10 seconds

Command Modes

Interface configuration

Command History

Release
Modification

12.2(14)S

This command was introduced.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.


Usage Guidelines

Routers on which timer values are not configured can learn timer values from the active virtual gateway (AVG). The timers configured on the AVG always override any other timer settings. All routers in a GLBP group should use the same timer values. If a GLBP gateway sends a hello message, the information should be considered valid for one holdtime. Normally, holdtime is greater than three times the value of hello time, (holdtime > 3 * hellotime). The range of values for holdtime force the holdtime to be greater than the hello time.

Examples

The following example shows the GLBP group 10 on Fast Ethernet interface 0/0 timers being configured for an interval of 5 seconds between hello packets, and the time after which virtual gateway and virtual forwarder information is considered to be invalid to 18 seconds: 

interface fastethernet 0/0

 glbp 10 ip 

 glbp 10 timers 5 18

glbp weighting track

To specify a tracking object where the Gateway Load Balancing Protocol (GLBP) weighting changes based on the availability of the object being tracked, use the glbp weighting track command in interface configuration mode. To remove the tracking, use the no form of this command.

glbp group weighting track object-number [decrement value]

no glbp group weighting track object-number [decrement value]

Syntax Description

group

GLBP group number in the range from 0 to 1023.

object-number

Object number representing an item to be tracked. Use the track command to configure the tracked object.

decrement value

(Optional) Specifies an amount by which the GLBP weighting for the router is decremented (or incremented) when the interface goes down (or comes back up). The value range is from 1 to 254, with a default value of 10.


Defaults

The default decrement value is 10.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(14)S

This command was introduced.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.


Usage Guidelines

This command ties the weighting of the GLBP gateway to the availability of its interfaces. It is useful for tracking interfaces that are not configured for GLBP.

When a tracked interface goes down, the GLBP gateway weighting decreases by 10. If an interface is not tracked, its state changes do not affect the GLBP gateway weighting. For each GLBP group, you can configure a separate list of interfaces to be tracked.

The optional value argument specifies by how much to decrement the GLBP gateway weighting when a tracked interface goes down. When the tracked interface comes back up, the weighting is incremented by the same amount.

When multiple tracked interfaces are down, the configured weighting decrements are cumulative.

Use the track command to configure each interface to be tracked.

Examples

In the following example, Fast Ethernet interface 0/0 tracks two interfaces represented by the numbers 1 and 2. If interface 1 goes down, the GLBP gateway weighting decreases by the default value of 10. If interface 2 goes down, the GLBP gateway weighting decreases by 5. 

interface fastethernet 0/0

 ip address 10.21.8.32 255.255.255.0

 glbp 10 weighting track 1

 glbp 10 weighting track 2 decrement 5

Related Commands

Command
Description

glbp weighting

Specifies the initial weighting value of a GLBP gateway.

track

Configures an interface to be tracked.


glbp weighting

To specify the initial weighting value of the Gateway Load Balancing Protocol (GLBP) gateway, use the glbp weighting command in interface configuration mode. To restore the default values, use the no form of this command.

glbp group weighting maximum [lower lower] [upper upper]

no glbp group weighting

Syntax Description

group

GLBP group number in the range from 0 to 1023.

maximum

Maximum weighting value in the range from 1 to 254. Default value is 100.

lower lower

(Optional) Specifies a lower weighting value in the range from 1 to the specified maximum weighting value. Default value is 1.

upper upper

(Optional) Specifies an upper weighting value in the range from the lower weighting to the maximum weighting value. The default value is the specified maximum weighting value.


Defaults

The default gateway weighting value is 100 and the default lower weighting value is 1.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(14)S

This command was introduced.

12.2(15)T

This command was integrated into Cisco IOS Release 12.2(15)T.


Usage Guidelines

The weighting value of a virtual gateway is a measure of the forwarding capacity of the gateway. If a tracked interface on the router fails, the weighting value of the router may fall from the maximum value to below the lower threshold, causing the router to give up its role as a virtual forwarder. When the weighting value of the router rises above the upper threshold, the router can resume its active virtual forwarder role.

Use the glbp weighting track and track commands to configure parameters for an interface to be tracked. If an interface on a router goes down, the weighting for the router can be reduced by a specified value.

Examples

The following example shows the weighting of the gateway for GLBP group 10 being set to a maximum of 110 with a lower weighting limit of 95 and an upper weighting limit of 105: 

interface fastethernet 0/0

 ip address 10.21.8.32 255.255.255.0

 glbp 10 weighting 110 lower 95 upper 105

Related Commands

Command
Description

glbp weighting track

Specifies an object to be tracked that affects the weighting of a GLBP gateway.

track

Configures an interface to be tracked.


hardware-address

To specify the hardware address of a BOOTP client, use the hardware-address DHCP pool configuration command. It is valid for manual bindings only. To remove the hardware address, use the no form of this command.

hardware-address hardware-address type

no hardware-address

Syntax Description

hardware-address

Specifies the MAC address of the hardware platform of the client.

type

Indicates the protocol of the hardware platform. Strings and values are acceptable. The string options are:

ethernet

ieee802

The value options are:

1 10Mb Ethernet

6 IEEE 802

If no type is specified, the default protocol is Ethernet.


Defaults

Ethernet is the default type if none is specified.

Command Modes

DHCP pool configuration

Command History

Release
Modification

12.0(1)T

This command was introduced.


Examples

The following example specifies b708.1388.f166 as the MAC address of the client: 

hardware-address b708.1388.f166 ieee802

Related Commands

Command
Description

client-identifier

Specifies the unique identifier of a DHCP client in dotted hexadecimal notation.

host

Specifies the IP address and network mask for a manual binding to a DHCP client.

ip dhcp pool

Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.


host

To specify the IP address and network mask for a manual binding to a Dynamic Host Configuration Protocol (DHCP) client, use the host command in DHCP pool configuration mode. To remove the IP address of the client, use the no form of this command.

host address [mask | prefix-length]

no host

Syntax Description

address

Specifies the IP address of the client.

mask

(Optional) Specifies the network mask of the client.

prefix-length

(Optional) Specifies the number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client. The prefix length must be preceded by a forward slash (/).


Command Modes

DHCP pool configuration

Command History

Release
Modification

12.0(1)T

This command was introduced.


Usage Guidelines

If the mask and prefix length are unspecified, DHCP examines its address pools. If no mask is found in the pool database, the Class A, B, or C natural mask is used. This command is valid for manual bindings only.

There is no limit on the number of manual bindings but you can configure only one manual binding per host pool.

Examples

The following example specifies 10.12.1.99 as the IP address of the client and 255.255.248.0 as the subnet mask: 

host 10.12.1.99 255.255.248.0

Related Commands

Command
Description

client-identifier

Specifies the unique identifier of a Microsoft DHCP client in dotted hexadecimal notation.

hardware-address

Specifies the hardware address of a DHCP client.

ip dhcp pool

Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.

network (DHCP)

Configures the subnet number and mask for a DHCP address pool on a Cisco IOS DHCP server.